コード例 #1
}
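// Expiry gate: the stored string '-1' disables the check; any other value is
// compared against the current time as a Unix timestamp.
if ($res['expire'] !== '-1' && time() >= (int) $res['expire']) {
    header("HTTP/1.0 410 Gone", true, 410);
    die('410 Gone: this file expired on ' . date(DateTime::ISO8601, (int) $res['expire']));
}
// Password gate: enforced only when the record carries a non-empty hash.
// NOTE(review): the password travels in the query string, so it ends up in
// access logs, browser history and Referer headers; a request header or POST
// body would keep it out of those places.
if (is_string($res['password_hash']) && 0 < strlen($res['password_hash'])) {
    if (!isset($_GET['password'])) {
        header("HTTP/1.0 403 Forbidden", true, 403);
        die('this file is password protected, and no password supplied.');
    }
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of the stored hash were matched.
    // A non-string password (e.g. an array parameter) hashes to '' and is
    // rejected here like any other mismatch.
    if (!hash_equals($res['password_hash'], passwordHashV1($_GET['password']))) {
        header("HTTP/1.0 403 Forbidden", true, 403);
        die('wrong password');
    }
}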
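// Resolve the on-disk path from the database record; a missing file means the
// database and the files folder have diverged.
$fullFilePath = hhb_combine_filepaths($files_folder, $res['local_filename']);
if (!file_exists($fullFilePath)) {
    throw new Exception("CORRUPTED DATABASE! FILE FOR " . var_export($id, true) . ' DOES NOT EXIST!');
}
header('Content-Description: File Transfer');
// NOTE(review): file_content_type is emitted exactly as stored; presumably it
// was supplied by the uploader — confirm. The nosniff header below stops
// browsers from second-guessing it.
header('Content-Type: ' . $res['file_content_type']);
// data_name is supposed to be sanitized before it reaches the database, but
// this is the last point where it can be checked: neutralise the characters
// that would terminate the quoted filename parameter or the header line.
$dispositionName = str_replace(array('"', '\\', "\r", "\n"), '_', (string) $res['data_name']);
header('Content-Disposition: attachment; filename="' . $dispositionName . '"');
header('X-Content-Type-Options: nosniff');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');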
if ($res['compression'] === '0') {
    $size = filesize($fullFilePath);
    header('Content-Length: ' . $size);
    if (($read = readfile($fullFilePath)) !== $size) {
        throw new Exception('Could only read ' . $read . ' bytes of a .' . $size . ' bytes file! id: ' . var_export($id, true));
コード例 #2
        $response->errors[] = 'dataName is invalid, and strict_filename is enabled. can not continue. offending dataName character start at byte offset ' . $failOffset;
        return false;
    }
    $dataName = sanitizeDataName($dataName);
    $response->warnings[] = 'dataName is invalid. offending dataName character start at byte offset ' . $failOffset . '. dataName has been transliterated/sanitized from UTF8 to ASCII with iconv, and truncated to 255 bytes. the new dataName is: ' . $dataName;
}
// Report the (possibly sanitized) dataName back to the caller as final_filename.
$response->final_filename = $dataName;
// NOTE(review): getClientIP() is defined outside this excerpt. If it reads
// forwarded-for style request headers, the value is client-controlled —
// confirm before relying on it for access decisions or audit records.
$clientIP = getClientIP();
// Fall back to JSON when the request names no response_type in either the
// query string or the POST body.
if (!isset($_GET['response_type']) && !isset($_POST['response_type'])) {
    $responseType = 'json';
    //currently unused...
}
// NOTE(review): a path starting with './' is resolved against the current
// working directory, not this file's directory; anchoring it on __DIR__ would
// make the include independent of how the script is invoked.
require_once './../getdb.inc.php';
// Both helpers are defined outside this excerpt.
$passwordHash = getPasswordHash();
// Presumably the on-disk name is generated server-side, which keeps the
// client-supplied dataName out of the filesystem path — verify against
// generateLocalFilename().
$localFilename = generateLocalFilename();
// $files_folder is not assigned in this excerpt; presumably it comes from the
// include above — confirm.
$fullFilePath = hhb_combine_filepaths($files_folder, $localFilename);
if (!file_exists($fullFilePath)) {
    if (isset($_POST['upload_data'])) {
        if (($tmpi1 = strlen($_POST['upload_data'])) !== ($tmpi2 = file_put_contents($fullFilePath, $_POST['upload_data']))) {
            @unlink($fullFilePath);
            //attempt cleanup of corrupted file...
            $response->errors[] = 'internal server error. tried to write ' . var_export($tmpi1, true) . ' bytes to disk, but could only write ' . var_export($tmpi2, true) . ' bytes!';
            return false;
            throw new Exception('TODO: HANDLE THIS ERROR');
        }
    } elseif (is_string($_FILES['upload_data']['tmp_name'])) {
        if (!move_uploaded_file($_FILES['upload_data']['tmp_name'], $fullFilePath)) {
            $response->errors[] = 'internal server error. could not move the uploaded file to the files directory.';
            return false;
        }
    } else {
コード例 #3
<?php

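init();
// One-shot setup: creates the upload folder and an empty SQLite database next
// to this script, refusing to run when either already exists.
// NOTE(review): if this directory is served by the web server, the database
// file (which holds the password hashes) and the stored uploads are reachable
// by URL unless access is denied in the server configuration — confirm, or
// place both outside the document root.
$dbpath = hhb_combine_filepaths(__DIR__, 'simple_fileshare_db.sqlite3');
$filesfolder = hhb_combine_filepaths(__DIR__, 'files_folder') . '/';
if (file_exists($dbpath)) {
    die('db already exist! delete the old db before creating a new 1...');
}
if (is_dir($filesfolder) || file_exists($filesfolder)) {
    die('filesfolder already exists! delete the filesfolder before recreating the database. ' . $dbpath);
}
// A directory needs the execute (search) bit to be entered: with the previous
// mode 0664 the writes below fail for any non-root user. 0770 (drwxrwx---)
// keeps owner and group access and withholds the folder from other local
// accounts; the effective mode is further reduced by the process umask.
if (!mkdir($filesfolder, 0770)) {
    die('unable to create folder ' . $filesfolder);
}
// Placeholder page so a directory listing is not generated for the folder.
if (false === file_put_contents(hhb_combine_filepaths($filesfolder, 'index.html'), 'NO AUTOINDEX ON THIS FOLDER!')) {
    die('unable to create file inside folder.');
}
// Probe that the database location is writable, then truncate the probe file
// so SQLite starts from an empty file.
if (false === file_put_contents($dbpath, 'test if we can create the db file')) {
    die("Maybe db folder is readonly! cannot create the db file: " . $dbpath);
}
if (false === file_put_contents($dbpath, '')) {
    die("Cannot truncate the dbfile! : " . $dbpath);
}
$db = new PDO('sqlite:' . $dbpath, '', '', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$schema = file_get_contents('sqlite3_schema.sql');
// assert() can be compiled out by configuration (zend.assertions), so the
// failed read is checked explicitly instead.
if (false === $schema) {
    die('unable to read sqlite3_schema.sql');
}
// Both string values go through PDO::quote() before being concatenated into
// the statement.
$configsql = 'INSERT INTO `config` (`id`,`default_compression`,`filesfolder`,`download_api_v1_url`) VALUES(1,0,' . $db->quote($filesfolder) . ',' . $db->quote('https://ratma.net/simple_fileshare/download.php') . ');';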
$hash_types_sql = '
INSERT INTO `hash_types` (`id`,`hash_description`) 
VALUES(1,
コード例 #4
<?php

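require_once 'hhb_.inc.php';
//theoretically, you can use mysql like
//$db = new PDO('mysql:host=localhost;dbname=simple_fileshare_db;charset=utf8', 'username', 'password',
//array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
//but for now, its SQLite.
$dbpath = hhb_combine_filepaths(__DIR__, 'simple_fileshare_db.sqlite3');
if (!file_exists($dbpath)) {
    die('dbpath does not exist! create the db with createdb.php first...');
}
// Native prepares and exception error mode, so a failing query raises instead
// of returning false.
$db = new PDO('sqlite:' . $dbpath, '', '', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
// Read the single config row in one query. fetch() returns false when the row
// is absent; stop here rather than let a null files folder flow into the
// path-building code of the upload and download scripts.
$configRow = $db->query('SELECT `filesfolder`,`default_compression`,`download_api_v1_url` FROM `config` WHERE `id` = 1;')->fetch(PDO::FETCH_NUM);
if (!is_array($configRow)) {
    die('config row with id 1 is missing from the database!');
}
$files_folder = $configRow[0];
$default_compression = (int) $configRow[1];
$download_url = $configRow[2];
unset($configRow);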
/**
 * Derive the version-1 password digest: SHA-256 of the password, then SHA-1
 * of that raw digest, base64-encoded with '+', '/' and '=' replaced by
 * '-', '_' and '.'.
 *
 * NOTE(review): this is a single unsalted pass of two fast hash functions,
 * not a password-hashing scheme. Identical passwords give identical digests
 * and guessing is cheap for anyone who obtains the database. A later version
 * should use password_hash()/password_verify(); stored digests should be
 * compared with hash_equals().
 *
 * @param mixed $password candidate password; anything that is not a
 *                        non-empty string is treated as "no password"
 * @return string the 28-character digest, or '' for a non-string or empty input
 */
function passwordHashV1($password)
{
    if (is_string($password) && $password !== '') {
        $innerDigest = hash('sha256', $password, true);
        $outerDigest = hash('sha1', $innerDigest, true);
        // strtr() maps each character one-to-one, which matches the pairwise
        // replacement of '+', '/' and '=' in standard base64 output.
        return strtr(base64_encode($outerDigest), '+/=', '-_.');
    }
    return '';
}